OAuth Endpoints
Complete reference for TinyRebrand's OAuth 2.0 authentication endpoints
TinyRebrand's OAuth 2.0 implementation provides secure authentication and authorization. These endpoints handle token generation, user authorization, and token management.
Personal Access Tokens (PATs): For simpler integrations, you can also use Personal Access Tokens. PATs are long-lived tokens that don't require the OAuth flow. You can create and manage them through theToken Management API.
Available Endpoints
Complete list of OAuth endpoints and their purposes:
| Endpoint | Method | Purpose | Required Scope |
|---|---|---|---|
| /oauth/token | POST | Exchange credentials for tokens | None (public) |
| /oauth/authorize | GET/POST | Authorization flow | None (public) |
| /oauth/google | POST | Google SSO | None (public) |
| /oauth/revoke | POST | Revoke tokens | None (public) |
| /oauth/introspect | POST | Validate tokens | None (public) |
POST /oauth/token
POST /oauth/token
Exchange credentials for access tokens using password grant.
Required Scope: None (public)
Request:
curl -X POST https://api.tinyrebrand.com/api/oauth/token \
-H "Content-Type: application/json" \
-d '{
"grant_type": "password",
"client_id": "web-client",
"username": "[email protected]",
"password": "password123"
}'Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| grant_type | string | ✅ | Must be 'password' or 'refresh_token' |
| client_id | string | ✅ | Client identifier |
| username | string | ✅ | User email address (for password grant) |
| password | string | ✅ | User password (for password grant) |
| refresh_token | string | ❌ | Refresh token (for refresh grant) |
| token | string | ❌ | 2FA code (if required) |
Response:
{
"status": 200,
"code": "OK",
"message": "Login successful",
"data": {
"access_token": "at_1234567890abcdef",
"refresh_token": "rt_abcdef1234567890",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "user:read links:read links:write",
"user": {
"id": "user123",
"email": "[email protected]",
"name": "John Doe"
},
"limits": {
"domains": { "used": 2, "limit": 3 },
"links": { "used": 150, "limit": 500 }
}
}
}GET /oauth/authorize
GET /oauth/authorize
Redirect users to the authorization endpoint for OAuth code flow.
Required Scope: None (public)
Request:
curl -X GET "https://api.tinyrebrand.com/api/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https%3A%2F%2Fyourapp.com%2Fcallback&scope=user%3Aread%20links%3Aread&state=random_state_string"Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| response_type | string | ✅ | Must be 'code' |
| client_id | string | ✅ | Your OAuth client ID |
| redirect_uri | string | ✅ | URL encoded callback URL |
| scope | string | ❌ | Space-separated scopes |
| state | string | ❌ | CSRF protection string |
Response:
{
"status": 302,
"code": "OK",
"message": "Redirect to authorization page",
"data": {
"redirect_url": "https://app.tinyrebrand.com/oauth/authorize?..."
}
}POST /oauth/google
POST /oauth/google
Authenticate using Google Sign-In.
Required Scope: None (public)
Request:
curl -X POST https://api.tinyrebrand.com/api/oauth/google \
-H "Content-Type: application/json" \
-d '{
"token": "google_id_token_here",
"client_id": "web-client"
}'Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | ✅ | Google ID token |
| client_id | string | ✅ | Client identifier |
Response:
{
"status": 200,
"code": "OK",
"message": "Google login successful",
"data": {
"access_token": "at_google_1234567890abcdef",
"refresh_token": "rt_google_abcdef1234567890",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "user:read links:read links:write",
"user": {
"id": "user123",
"email": "[email protected]",
"name": "Google User"
}
}
}POST /oauth/revoke
POST /oauth/revoke
Revoke access or refresh tokens.
Required Scope: None (public)
Request:
curl -X POST https://api.tinyrebrand.com/api/oauth/revoke \
-H "Content-Type: application/json" \
-d '{
"token": "at_1234567890abcdef",
"token_type_hint": "access_token"
}'Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | ✅ | Token to revoke |
| token_type_hint | string | ❌ | Token type hint (access_token or refresh_token) |
Response:
{
"status": 200,
"code": "OK",
"message": "Token revoked successfully",
"data": {
"revoked": true
}
}POST /oauth/introspect
POST /oauth/introspect
Validate token and get metadata.
Required Scope: None (public)
Request:
curl -X POST https://api.tinyrebrand.com/api/oauth/introspect \
-H "Content-Type: application/json" \
-d '{
"token": "at_1234567890abcdef"
}'Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| token | string | ✅ | Token to introspect |
Response:
{
"status": 200,
"code": "OK",
"message": "Token introspected successfully",
"data": {
"active": true,
"token_type": "Bearer",
"scope": "user:read links:read",
"client_id": "web-client",
"username": "[email protected]",
"exp": 1719936000
}
}